hxxps://www[.]paypal[.]com/mobile-app/package-tracking/list?source=shipment_email&txn_id=8LR87912NA702705W&trigger_point=shipment_tracking&pp_web_dl=custom&pp_mob_dl=custom&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT002768&utm_unptid=047cb6f3-a1d6-11ef-99af-db162df8b56f&ppid=RT002768&cnac=US&rsta=en_US%28en-US%29&cust=T3BLJDVLWFUBE&unptid=047cb6f3-a1d6-11ef-99af-db162df8b56f&calc=f760489915a4c&unp_tpcid=new-email-shipment-tracking-info-entered&page=main%3Aemail%3ART002768&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1[.]292[.]0&tenant_name=PAYPAL&xt=145585%2C150948%2C104038&link_ref=package-tracking_list

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/11/2024, 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.paypal.com/mobile-app/package-tracking/list?source=shipment_email&txn_id=8LR87912NA702705W&trigger_point=shipment_tracking&pp_web_dl=custom&pp_mob_dl=custom&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT002768&utm_unptid=047cb6f3-a1d6-11ef-99af-db162df8b56f&ppid=RT002768&cnac=US&rsta=en_US%28en-US%29&cust=T3BLJDVLWFUBE&unptid=047cb6f3-a1d6-11ef-99af-db162df8b56f&calc=f760489915a4c&unp_tpcid=new-email-shipment-tracking-info-entered&page=main%3Aemail%3ART002768&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.292.0&tenant_name=PAYPAL&xt=145585%2C150948%2C104038&link_ref=package-tracking_list

Score

5^/10

paypal discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand PAYPAL.
phishing paypal
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
916	msedge.exe
916	msedge.exe
3936	msedge.exe
3936	msedge.exe
1456	identity_helper.exe
1456	identity_helper.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 1016	3936	msedge.exe	85
PID 3936 wrote to memory of 1016	3936	msedge.exe	85
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 3700	3936	msedge.exe	86
PID 3936 wrote to memory of 916	3936	msedge.exe	87
PID 3936 wrote to memory of 916	3936	msedge.exe	87
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88
PID 3936 wrote to memory of 3684	3936	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.paypal.com/mobile-app/package-tracking/list?source=shipment_email&txn_id=8LR87912NA702705W&trigger_point=shipment_tracking&pp_web_dl=custom&pp_mob_dl=custom&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT002768&utm_unptid=047cb6f3-a1d6-11ef-99af-db162df8b56f&ppid=RT002768&cnac=US&rsta=en_US%28en-US%29&cust=T3BLJDVLWFUBE&unptid=047cb6f3-a1d6-11ef-99af-db162df8b56f&calc=f760489915a4c&unp_tpcid=new-email-shipment-tracking-info-entered&page=main%3Aemail%3ART002768&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.292.0&tenant_name=PAYPAL&xt=145585%2C150948%2C104038&link_ref=package-tracking_list
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd70846f8,0x7ffcd7084708,0x7ffcd7084718
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2814685617738483324,6488446351836882509,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2814685617738483324,6488446351836882509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2814685617738483324,6488446351836882509,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2814685617738483324,6488446351836882509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2814685617738483324,6488446351836882509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2814685617738483324,6488446351836882509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2814685617738483324,6488446351836882509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2814685617738483324,6488446351836882509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2814685617738483324,6488446351836882509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2814685617738483324,6488446351836882509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2814685617738483324,6488446351836882509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2814685617738483324,6488446351836882509,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
22dcd74a1256b99bfb54ac8753c26268

SHA1
5bda0f7a728b60ed0a7b50aa701762c71aca11a7

SHA256
bc3427faf0eaeb6466593e428f5a245ef6de45a76aea30f88f89a930487d4fba

SHA512
1be58989eceb3d400c75b3d58a9fa4327d72777f68ed101a15b83f907e7a351b913e7d5cbb07638d05446663e80b436f6cefcb3a21fc1f15cd4574679ab8f50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
331B

MD5
67543da3da0f121e0d5f9f411c44875f

SHA1
a7f0bae1a70738189e9f1cc9abde123f69bd4590

SHA256
bec215c122c5f6375ea5b6cc05599545ce6843da420cbfc396c5b536da6a13a7

SHA512
83883b89140c428f2f05b6a9d9cb8f6b717bf523adbc496a7eaa5cd39b4872028675e3e6b207ba906a62592561fe904b3c8afc18a5b1c57fcb963475e3bb254b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa76df2dd11f23704981727a04384b40

SHA1
e7ded94ad73f33c42fe795a1a6117495efd4e3b3

SHA256
852265e403f2cbff625003a88070087d37b998f2062a3b489bdf0bad59de9c62

SHA512
b2396a306599f5aeb7ec63ced67639dea4d7faa36874501f39a6c0de2e8ec0cf230e46b874877547f2634231e3c366dc1d9de11bb7b26f8211638d17a139ee81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
120682dcb8238a2e8de460cf02430945

SHA1
9af679f01f37de6de0bcd8d285778398639c4ae8

SHA256
1339268fac342e695244c0a0297cb555119703b953fecc43b3e81c4df7bb8551

SHA512
fd821c27ad06fd599f9d0fcb3cdfe948f50031c30a427f84b3ccdd811d9ea49e1182a74e16fd4d41aa4894651af27ead89fa2ca2eb859a1f247a2eef58f42d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
531B

MD5
613db99bf1836730c8b306cd5628aa70

SHA1
028fc4e4690113d297c0dc09888d781f072282d1

SHA256
a8d57f6450e56499ea411078a62a153efaa1571aa7e5cfbba43fe16afd69f581

SHA512
21d37f7a313693229028a499cc7259f181e70302cf2ad5b7743d47eb811238f7423f6bff006ef165401da24bfb7bf46cafd87606b3463ffd8503a0704ac3e393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589d06.TMP

Filesize
533B

MD5
c3ec9f42cf1645c2de47eb92716f6b51

SHA1
b703a8a96673b797270f8fb8db763afa961ea150

SHA256
3abcdaca74fef753edf0bfa8f9e310321a2b15438c723d9f8ae34666693405b7

SHA512
9a131993adab542bcdf1716bc2e1129b54a482541bcc101564fe510d8c81349b928091d00c7a46c0f581f2d6cbdf06ec7130fc815559b8a6c5578065cf6eaf87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c531051d6d7f5a04b219dfdd2ba1d921

SHA1
5484c89d20bb3dee893af15b6c5f353f8bc3d5cc

SHA256
ac64cf9f67d54b1e3f017a1291d5bd26710080ebc54837c465126669ee1467ef

SHA512
52a836ca47e9fcd871f786144586d08411eb30c8626281403b37073698f023b1d6d870ef340d8992385dc907dcbd71827f121058e57c232f056320e079f66603

Download Submit